Monthly Archives: March 2013

As I roll in my electric wheelchair to our company’s first-quarter all-hands meeting, I’m thankful for many things. I’m thankful for the Texas spring weather in February. I’m thankful for a job that I truly love. Most of all I’m thankful for the ability just to get there. My electric wheelchair allows me the ability to move from one place to the next independently. The elevator at my office building gives me the ability to work on the third floor. The ramps, curb cuts, and sidewalks give me the ability to travel from one building to the next. Crosswalk buttons – mounted at a height that I can reach – give me the ability to safely cross the busy Braker Lane. The silver button labeled, “Push to Open,” gives me the ability to independently enter the building of our meeting place. All of these things give me the ability to access my world. They give me accessibility.

Many things are created in the name of accessibility and make it possible for me to live a productive life. The elevator in my office and the door opener at my meeting place were the beginning and ending of a short journey. Anyone that truly knows me, knows that it was a very short journey, because I move pretty fast in my wheelchair. But the design, planning, engineering, and development of all these individual pieces took a lot of time and even money to produce. Likewise, in the software industry, making an application or even a webpage accessible can add to the cost and lifecycle time of the entire project. Who benefits by these increased accessibility requirements? A Wall Street investor who is colorblind can read the pie-chart of your company trend analysis because you used both patterns and colors to signify the different trending events. A business owner who is deaf can watch and enjoy your exciting company marketing video because you closed captioned the audio. A customer who is blind can navigate your website because you’ve coded headings, sub-headings, and content correctly and used alt-tags on your graphics.

These are all fine reasons to add accessibility to all your software development. But, what about the hidden conveniences accessibility makes for everyone? After our meeting was over and as people carried out the leftover sandwiches and presentation equipment, I noticed they all used the “Push to Open” button to navigate through the doors with their arms loaded with stuff. As I approached Braker Lane on my return to the office, I noticed an anxious, helpful, pre-school boy pushing the crosswalk button for his mother whose arms were occupied holding his baby sister’s stroller at the top of the sidewalk ramp. The crosswalk button was at the perfect height for that enthusiastic, button pressing, future quality assurance engineer. Finally, as I made it to the lobby of my office building, I had to wait my turn for the elevator as the package delivery guy loaded his fifth box onto the elevator. That’s when I realized the added value accessibility can bring to everyone. So the next time you’re on that crowded, noisy train trying to watch and listen to the highlights from last night’s big game on your mobile device and your headphones just aren’t cutting it, you too can be thankful for closed captioning and the way it has made your life accessible.

It’s all but futile to resist mobile devices. They’re everywhere, and because of their convenience and portability they’ve become an integral part of how we live and work, becoming smaller and smaller as we approach the singularity where we ditch handheld computers for subcutaneous implants and access to our UI with the blink of an eye. Sadly, until that day comes, the very convenience and portability that make our mobile devices so, well… convenient, also create the greatest security risks.

The first rather obvious security issue is that these devices are in our hands, purses, and pockets when we’re out and about—which makes them droppable, snatchable, and even forgettable. You may have heard of smart phones being lifted from the purses and shopping bags of European tourists. In the USA, people are more likely to set the device on a counter or table for a moment, where it can be grabbed or forgotten. Or, someone might pickpocket the device in a crowded place, such as on a bus, train or the entrance to a theatre.

Let’s look at a few other possible security issues (some obvious, some you may not have thought of) with mobile devices, and a few of the clever security precautions now offered on the latest technology.

The first answer to someone else obtaining your handheld device is to have the screen lock activated and also install a “remote wipe” capability.

A screen lock on a mobile device is very similar to your desktop or laptop’s screen lock. In order to access the information within, the person must enter a code. A screen lock should also lock the screen after a few moments of no activity. On some devices, after a person tries and fails a few times to unlock it, the screen lock silently uses the device’s camera to email a picture of that person to the owner. A screen lock is a standard feature on most devices.

“Remote Wipe” is the capability to erase all the information on a device as soon as the device connects to the Internet. Some desktop and laptops also have this capability installed. When the device has gone missing, the owner can logon to a website to have the erasure action activated. There are free and fee-based “remote wipe” products available.

If your handheld was lost, and you performed a remote wipe, could you recover all of your data from backups? People sometimes do not realize how much information they are storing on their phones or tablets until they lose them. Most devices have some backup/synchronization process to a website for Name+Address contact lists, but not all to-do lists, notes or photographs are automatically backed up.

A slightly more subtle theft tactic issue is the use of “free” wireless. As you walk around, your handheld may alert you of available “free” unsecured wireless service, or it might automatically connect, depending on your device’s configuration. Hackers have been known to operate unsecured wireless access points, particularly in airports, coffee houses and other places where lots of people are passing through, just so they can capture the network activity and steal information. Your device should be configured to connect only when you explicitly want to, and you should be careful about what you connect to.

Another subtle tactic involves taking advantage of your device’s Bluetooth capability. If your device’s Bluetooth is always on, always searching for compatible devices in range, and automatically connecting to them, then a hacker could easily overhear your telephone conversations and also gain access to your phone’s information. Even you have not used Bluetooth on your handheld device, you should check the settings so you are not inadvertently exposed to this kind of hacking.

With the ubiquitous freedom to compute whenever and wherever you want comes the responsibility to protect your data and device. Luckily, the engineers who design these devices and their apps are pretty smart too. Stay on the lookout for new ways and applications to protect your smart phone or tablet, which are emerging and evolving almost as quickly as the devices themselves.

If there are other security topics or compliance standards that you are interested in having me write about, please let me know by leaving a comment here.